# Network-server API
#
# This is the network-server API that is used by LoRa App Server or other
# custom components interacting with LoRa Server.
[network_server.api]
# ip:port to bind the api server
bind="0.0.0.0:8000"
# ca certificate used by the api server (optional)
ca_cert="/etc/loraserver-certificates/certs/ca/ca.pem"
# tls certificate used by the api server (optional)
tls_cert="/etc/loraserver-certificates/certs/loraserver/api/server/loraserver-api-server.pem"
# tls key used by the api server (optional)
tls_key="/etc/loraserver-certificates/certs/loraserver/api/server/loraserver-api-server-key.pem"
# Default join-server settings.
#
# This join-server will be used when resolving the JoinEUI is set to false
# or as a fallback when resolving the JoinEUI fails.
[join_server.default]
# hostname:port of the default join-server
#
# This API is provided by LoRa App Server.
server="https://localhost:8003"
# ca certificate used by the default join-server client (optional)
ca_cert="/etc/loraserver-certificates/certs/ca/ca.pem"
# tls certificate used by the default join-server client (optional)
tls_cert="/etc/loraserver-certificates/certs/lora-app-server/join-api/client/lora-app-server-join-api-client.pem"
# tls key used by the default join-server client (optional)
tls_key="/etc/loraserver-certificates/certs/lora-app-server/join-api/client/lora-app-server-join-api-client-key.pem"

This is how I have configured the lora-app-server.toml

# Settings for the "internal api"
#
# This is the API used by LoRa Server to communicate with LoRa App Server
# and should not be exposed to the end-user.
[application_server.api]
# ip:port to bind the api server
bind="0.0.0.0:8001"
# ca certificate used by the api server (optional)
ca_cert="/etc/loraserver-certificates/certs/ca/ca.pem"
# tls certificate used by the api server (optional)
tls_cert="/etc/loraserver-certificates/certs/lora-app-server/api/server/lora-app-server-api-server.pem"
# tls key used by the api server (optional)
tls_key="/etc/loraserver-certificates/certs/lora-app-server/api/server/lora-app-server-api-server-key.pem"
# Public ip:port of the application-server API.
#
# This is used by LoRa Server to connect to LoRa App Server. When running
# LoRa App Server on a different host than LoRa Server, make sure to set
# this to the host:ip on which LoRa Server can reach LoRa App Server.
# The port must be equal to the port configured by the 'bind' flag
# above.
public_host="localhost:8001"
# Join-server configuration.
#
# LoRa App Server implements a (subset) of the join-api specified by the
# LoRaWAN Backend Interfaces specification. This API is used by LoRa Server
# to handle join-requests.
[join_server]
# ip:port to bind the join-server api interface to
bind="0.0.0.0:8003"
# CA certificate (optional).
#
# When set, the server requires a client-certificate and will validate this
# certificate on incoming requests.
ca_cert="/etc/loraserver-certificates/certs/ca/ca.pem"
# TLS server-certificate (optional).
#
# Set this to enable TLS.
tls_cert="/etc/loraserver-certificates/certs/lora-app-server/join-api/server/lora-app-server-join-api-server.pem"
# TLS server-certificate key (optional).
#
# Set this to enable TLS.
tls_key="/etc/loraserver-certificates/certs/lora-app-server/join-api/server/lora-app-server-join-api-server-key.pem"

I recommend you set first everything up without the optional TLS certificates and make sure everything works. Then you start adding them API endpoint by API endpoint and validate at every change that things are still operational

Also, when you configure TLS certificates in the config files, but leave them blank in the TLS certifcates tab in the web-interface, then it is expected that this does not work as you setup your APIs that TLS is required.

Hi @brocaar i have the same problem, but is it possible that you can elaborate the answers with adding endpoints and the setup by API that TLS is required?

I recommend you set first everything up without the optional TLS certificates and make sure everything works. Then you start adding them API endpoint by API endpoint and validate at every change that things are still operational

Also, when you configure TLS certificates in the config files, but leave them blank in the TLS certifcates tab in the web-interface, then it is expected that this does not work as you setup your APIs that TLS is required.

I have written almost everything here, and i can’t find a solution for the problem.